The greatest trick the devil ever pulled, was convincing the world that cyber security existed.
Joined December 2018
- Tweets 2,783
- Following 228
- Followers 7,723
- Likes 178
29 Photos and videos
Jun 15
In a post-AI world the value of novel research is exponentially higher.
2
179
May 28
I think one of the big issues right now is prioritizing what bugs to fix first. The amount of effort going into patching Linux LPEs was interesting...
1
2
680
May 28
I just think in most cases LPE isn't very relevant. If someone has a low priv shell on your production machines you're probably already f***ed
3
499
May 26
It has to be the format. There must be a way to keep competitive CTF alive and fun.
What are the skills that remain relevant post-AI? Can we create a format which measures these?
May 25
So sad after this year's DEF CON Quals. I think it’s finally time to retire. Competitive CTFs have turned into a painful, exhausting, and honestly boring grind. Maybe I’ll still check in occasionally, but I’m never going to stay up all night for them again
3
12
2,499
May 26
Or maybe the solution is to go e-sports mode. Most video games have banned botting since forever and still maintain a competitive game. I just think it will be sad to think that CTF is just another sport and no longer teaches useful skills. :/
5
445
May 18
AI posts are so annoying, often the same sentence structure of "that's not X, that's Y".
1
261
May 8
We need some stricter guidelines on who gets to name their CVEs. At a minimum it should be a 10.0 and preferably in something actually useful.
3
12
1,321
Apr 16
Watching people solve challenges with AI and not give a shit about how it actually works must be the same feeling early systems engineers felt watching my generation writing Python. 😂
1
1
18
717
Apr 10
Absolute pleasure working with @monkehack @busf4ctor and @L3G4CY5 on the AWS Tokyo LHE.
It was eye opening seeing all the cool bugs that got reported during the event and I was really proud to have played a small part in getting the most impactful bug in one of the targets! 💪
5
4
106
9,084
Apr 3
Scope: *.domain.com
I report an XSS on a subdomain. They say it doesn't belong to them.
What do I even do in this situation 😭 You really had me testing stuff that you don't own?
4
868
Apr 1
Claude Max is worse than Codex for finding bugs. What am I doing wrong??
1
1,308
Apr 1
AIs can be harmful to many people because they just agree with everything and confirm delusional ideas.
Likewise, I think surrounding yourself with an echo chamber is equally harmful. I think there is true value in having a pessimistic friend who can keep you grounded.
2
4
601
Apr 1
X is particularly bad in this respect. I see it within the security research community a lot - There's just a lack of criticism. Someone will complain about a bounty payout and have 100 comments hyping them up and agreeing but nobody challenging the quality of their report.
1
284
Mar 31
The inequality between attacked and defender has never been more blatant.
Mar 31
day 1: exploited by LiteLLM
day 2: exploited by vim
day 3: exploited by emacs
day 4: exploited by axios
day 5: echo "hello world" exploited me
The threat model is now "software"
2
564
Mar 25
Every now and then I see some political crap on my timeline and realize I've somehow ended back on the For You.
I highly recommend just looking at Following and unfollowing anyone who posts about politics. 😀
2
380
Mar 24
Regarding litellm infostealer: Check for 46.151.182.203 in your outbound connections (:
1
1
730
Mar 17
Writing challenges to prompt inject AI users is actually some of the most fun I've had writing CTF challenges in a long time.
3
23
2,281
Mar 12
XSS on an out of scope subdomain which leads to full ATO on in-scope core domain.
WDYT, would this be valid?
7
36
4,899
Mar 12
Just thinking about this more. We really should do this. If every CTF on CTFTime for the next year resulted in ~10 joke writeups it'd destroy AI for ctf. 😂
Mar 12
Yep let's begin to reward the greatest anti-AI writeup. Whoever can make the funniest incorrect writeup for a challenge gets a prize.
11
1,058